Method of securing access to IP LANs

US 20050005110A1
Filed: 06/12/2003
Published: 01/06/2005
Est. Priority Date: 06/12/2003
Status: Active Grant

First Claim

Patent Images

1. A system for internal and internet communication comprising:

an intranet with a connection through a firewall to the internet;

a plurality of databases on the intranet including an intranet security database with a clearance levels for intranet users having a user ID and active codeword; and

a plurality of LANs within the intranet each having a separate security system response to a user ID and codeword in the internet security database to assign a LAN port location to a user and provide periodic comparisons of the users MAC and IP addresses against the user'"'"'s assigned port location to detect switching of ports by users.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Protection against spoofing is provided in a LAN having at least two service classes, where one service class includes allows access to the LAN, the internet, and the intranet containing the LAN and a more limited service class which allows access to the LAN and the internet but not the intranet databases. A user gains access to the LAN using his or her ID which identifies the user'"'"'s access level. To prevent limited access users from gaining access to the intranet by changing addresses, the system continuously performs periodic checks for address changes. If there is an address change, the port assigned to, or used by the user, is disabled throwing the user off the LAN prior to his or her obtaining the requested data.

129 Citations

View as Search Results

18 Claims

1. A system for internal and internet communication comprising:
- an intranet with a connection through a firewall to the internet;
  
  a plurality of databases on the intranet including an intranet security database with a clearance levels for intranet users having a user ID and active codeword; and
  
  a plurality of LANs within the intranet each having a separate security system response to a user ID and codeword in the internet security database to assign a LAN port location to a user and provide periodic comparisons of the users MAC and IP addresses against the user'"'"'s assigned port location to detect switching of ports by users.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein said LAN internet security database includes a listing of approved LAN users, their port location, their MAC'"'"'s and IP'"'"'s.
  - 3. The system of claim 2, wherein the LAN security system compares data in its listings of LAN users with the data for those users in the intranet database.
  - 4. The system of claim 3, wherein the LAN security system disables any port when the comparisons do not show identity of data.
  - 5. The system of claim 4, wherein the LAN security system assigns fixed port sites for various securities ratings.
  - 6. The system of claim 5, wherein the LAN security system assigns a security rating to a port site based on the user'"'"'s security rating.

7. A method for maintaining security in intranet and internet communication comprising:
- providing a plurality of databases on the intranet including an internet security database with clearance levels for intranet users with a user ID and an active codeword; and
  
  having a plurality of LANs within the intranet each having a separate security system responsive to a user ID and codeword in the intranet security database to assign a LAN port location to the user and provide periodic comparisons of the users MAC and IP addresses against the user'"'"'s assigned port location to detect the user'"'"'s switching ports.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein said LAN internet security database includes a listing of approved LAN users, their port location, their MAC'"'"'s and IP'"'"'s.
  - 9. The method of claim 8, wherein the LAN security system compares data in its listings of LAN users.
  - 10. The method of claim 9, wherein the LAN security system disables any port when the comparisons do not show identity of data.
  - 11. The method of claim 10, wherein the LAN security system assigns fixed port sites for various securities ratings.
  - 12. The method of claim 10, wherein the LAN security systems assign a security rating to a port site based on the user'"'"'s security rating.

13. A computer software program on at least one computer medium for intranet and internet communication comprising:
- computer code for a plurality of databases on the intranet including an intranet security database with a clearance level for intranet users with a user ID active codeword; and
  
  computer code for a plurality of LANs within the intranet each having a separate security system response to any user ID and codeword in the intranet security database to assign a LAN port location to the user and provide periodic comparisons of the users MAC and IP addresses against the user'"'"'s assigned port location to detect the user'"'"'s switching ports.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The program of claim 13, wherein the computer code for said LAN internet security database includes computer code for a listing of approved LAN users, their port location, their MAC'"'"'s and IP'"'"'s.
  - 15. The program of claim 14, wherein computer code for the LAN security system includes computer code that compares data in its listings of LAN users with that of the users in the intranet security database.
  - 16. The program of claim 15, wherein the computer code for the LAN security system disables any port when the comparisons do not show identity of data.
  - 17. The program of claim 16, wherein the computer code for the LAN security system assigns fixed port sites for various securities ratings.
  - 18. The program of claim 16, wherein the computer code for the LAN security system assigns a security rating to a port site based on the user'"'"'s security rating.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
LinkedIn Corporation (Microsoft Corporation)
Original Assignee
International Business Machines Corporation
Inventors
White, William G., Kim, Moom Ju

Granted Patent

US 7,854,009 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/166
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/101 Access control lists [ACL]

Method of securing access to IP LANs

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

129 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method of securing access to IP LANs

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

129 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links